Merge branch 'matt_wilson-vulnerability_status_clarification' into 'master'

Vulnerability status clarification See merge request gitlab-org/gitlab!69562

Merge branch 'matt_wilson-vulnerability_status_clarification' into 'master'
Vulnerability status clarification See merge request gitlab-org/gitlab!69562
1bf3c2b7 · Russell Dickenson · 0b03e040 · 9d56f770 · 1bf3c2b7 · 1bf3c2b7
Commit 1bf3c2b7 authored Sep 08, 2021 by Russell Dickenson
2 changed files
--- a/doc/user/application_security/vulnerabilities/index.md
+++ b/doc/user/application_security/vulnerabilities/index.md
@@ -37,7 +37,9 @@ A vulnerability's status can be one of the following:
 | Detected  | The default state for a newly discovered vulnerability. |
 | Confirmed | A user has seen this vulnerability and confirmed it to be accurate. |
 | Dismissed | A user has seen this vulnerability and dismissed it because it is not accurate or otherwise not to be resolved. |
-| Resolved  | The vulnerability has been fixed and is no longer valid. |
+| Resolved  | The vulnerability has been fixed or is no longer present. |
+
+Dismissed vulnerabilities are ignored if detected in subsequent scans. Resolved vulnerabilities that are reintroduced and detected by subsequent scans have a _new_ vulnerability record created. When an existing vulnerability is no longer detected in a project's `default` branch, you should change its status to Resolved. This ensures that if it is accidentally reintroduced in a future merge, it will be visible again as a new record. You can use the [Activity filter](../vulnerability_report/#activity-filter) to select all vulnerabilities that are no longer detected, and [change their status](../vulnerability_report#change-status-of-multiple-vulnerabilities).

 ## Change vulnerability status


--- a/doc/user/application_security/vulnerability_report/index.md
+++ b/doc/user/application_security/vulnerability_report/index.md
@@ -145,6 +145,17 @@ To change the status of vulnerabilities in the table:

 ![Project Vulnerability Report](img/project_security_dashboard_status_change_v14_2.png)

+### Change status of multiple vulnerabilities
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35816) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
+
+You can change the status of multiple vulnerabilities at once:
+
+1. In the list of vulnerabilities, select the checkbox for each vulnerability you want to update.
+   To select all, select the checkbox in the table header.
+1. Above the table, select a new status.
+1. Click **Change status** to save.
+
 ## Export vulnerability details

 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213014) in the Security Center (previously known as the Instance Security Dashboard) and project-level Vulnerability Report (previously known as the Project Security Dashboard) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.0.
@@ -191,14 +202,3 @@ You can dismiss a vulnerability for the entire project:
 1. Optional. Add a reason for the dismissal and select **Save comment**.

 To undo this action, select a different status from the same menu.
-
-### Dismiss multiple vulnerabilities
-
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35816) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
-
-You can dismiss multiple vulnerabilities at once:
-
-1. In the list of vulnerabilities, select the checkbox for each vulnerability you want to dismiss.
-   To select all, select the checkbox in the table header.
-1. Above the table, select a dismissal reason.
-1. Select **Dismiss Selected**.